Invicti vs Seeker comparison

Invicti and Black Duck are both solutions in the API Security category. Invicti is ranked #5 with an average rating of 8.7, while Black Duck is ranked #16. Invicti holds a 2.5% mindshare in APIS, compared to Black Duck’s 1.1% mindshare. Additionally, 96% of Invicti users are willing to recommend the solution, compared to 100% of Black Duck users who would recommend it.

Invicti

Read 29 Invicti reviews

185 Views
101 Comparison Views

96% willing to recommend

Seeker

Read 1 Seeker review

70 Views
50 Comparison Views

100% willing to recommend

Invicti

Seeker

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Invicti and Seeker based on real PeerSpot user reviews.

Find out what your peers are saying about Akamai, F5, Checkmarx and others in API Security.

To learn more, read our detailed API Security Report (Updated: March 2025).

Buyer's Guide

API Security

March 2025

Download the complete report

Helped 847,862 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Invicti

Ranking in API Security

5th

Average Rating

8.2

Reviews Sentiment

7.3

Number of Reviews

Ranking in other categories

Static Application Security Testing (SAST) (15th), Dynamic Application Security Testing (DAST) (3rd)

Seeker

Ranking in API Security

16th

Average Rating

7.0

Reviews Sentiment

7.3

Number of Reviews

Ranking in other categories

Internet Security (18th), Mobile Threat Defense (14th)

Mindshare comparison

As of April 2025, in the API Security category, the mindshare of Invicti is 2.5%, up from 2.0% compared to the previous year. The mindshare of Seeker is 1.1%, down from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

API Security

Featured Reviews

Kunal M

Capability Center Leader, ETRM Platforms at Shell

Proactive scanning measures and realistic audit recommendations enhance development focus

Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.

Read full review

San K

Senior Group Leader at Infosys

More effective than dynamic scanners, but is missing useful learning capabilities

One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need. The purposes for which applications are designed may differ in practice in the industry, and because of this, there will always be tools that sometimes report false positives. Thus, there should be some means with which I can customize the way that Seeker learns about our applications, possibly by using some kind of AI / ML capability within the tool that will automatically reduce the number of false positives that we get as we use the tool over time. Obviously, when we first start using the scanning tool there will be false positives, but as it keeps going and as I keep using the tool, there should be a period of time where either the application can learn how to ignore false positives, or I can customize it do so. Adding this type of functionality would definitely prevent future issues when it comes to reporting false positives, and this is a key area that we have already asked the vendor to improve on, in general. On a different note, there is one feature that isn't completely available right now where you can integrate Seeker with an open-source vulnerability scanner or composition analysis tool such as Black Duck. I would very much like this capability to be available to us out-of-the-box, so that we can easily integrate with tools like Black Duck in such a way that any open source components that are used in the front-end are easily identified. I think this would be a huge plus for Seeker. Another feature within Seeker which could benefit from improvement is active verification, which lets you actively verify a vulnerability. This feature currently doesn't work in certain applications, particularly in scenarios where you have requested tokens. When we bought the tool, we didn't realize this and we were not told about it by the vendor, so initially it was a big challenge for us to overcome it and properly begin our deployment.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"High level of accuracy and quick scanning."

"Its ability to crawl a web application is quite different than another similar scanner."

"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."

"This tool is really fast and the information that they provide on vulnerabilities is pretty good."

"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."

"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."

"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."

"Invicti is a good product, and its API testing is also good."

More Invicti pros

"A significant advantage of Seeker is that it is an interactive scanner, and we have found it to be much more effective in reducing the amount of false positives than dynamic scanners such as AppScan, Micro Focus Fortify, etc. Furthermore, with Seeker, we are finding more and more valid (i.e. "true") positives over time compared with the dynamic scanners."

Cons

"Netsparker doesn't provide the source code of the static application security testing."

"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."

"They could enhance the support for data swap testing for the platform."

"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."

"The custom attack preparation screen might be improved."

"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."

"The solution's false positive analysis and vulnerability analysis libraries could be improved."

"Right now, they are missing the static application security part, especially web application security."

More Invicti cons

"One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need."

Pricing and Cost Advice

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."

"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."

"We never had any issues with the licensing; the price was within our assigned limits."

"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

"It is competitive in the security market."

"OWASP Zap is free and it has live updates, so that's a big plus."

"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."

"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

More Invicti pricing and cost advice

"The licensing for Seeker is user-based and for 50 users I believe it costs about $70,000 per year."

See which vendors are best for you

Use our free recommendation engine to learn which API Security solutions are best for your needs.

See recommendations

847,862 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

49%

Financial Services Firm

10%

Computer Software Company

Manufacturing Company

Financial Services Firm

21%

Computer Software Company

13%

Government

13%

Manufacturing Company

12%

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?

As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.

See all answers

What do you like most about Invicti?

The most valuable feature of Invicti is getting baseline scanning and incremental scan.

See all answers

What needs improvement with Invicti?

Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerab...

See all answers

Ask a question

Earn 20 points

Comparisons

Acunetix vs Invicti

Compared 19% of the time

OWASP Zap vs Invicti

Compared 14% of the time

Snyk vs Invicti

Compared 6% of the time

Qualys Web Application Scanning vs Invicti

Compared 6% of the time

SonarQube Server (formerly SonarQube) vs Invicti

Compared 6% of the time

More Invicti Competitors

Contrast Security Assess vs Seeker

Compared 33% of the time

Coverity vs Seeker

Compared 23% of the time

PortSwigger Burp Suite Professional vs Seeker

Compared 12% of the time

SonarQube Server (formerly SonarQube) vs Seeker

Compared 11% of the time

Synopsys API Security Testing vs Seeker

Compared 10% of the time

More Seeker Competitors

Product Reports

Buyer's Guide

Invicti

April 2025

Download Invicti product report

Buyer's Guide

Internet Security

April 2025

Download Seeker product report

Also Known As

Netsparker

No data available

Overview

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Invicti

Seeker®, interactive application security testing (IAST) solution, gives you unparalleled visibility into your modern web, cloud based and microservices based app security posture. It automatically verifies, prioritizes and reports on critical vulnerabilities in real time. It identifies vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, GDPR, CAPEC, and CWE/SANS Top 25). Seeker enables security teams to identify and track sensitive data to ensure that it is handled securely and not stored in log files or databases with weak or no encryption. Seeker’s seamless integration into CI/CD workflows enables fast interactive application security testing at DevOps speed.

Black Duck

Sample Customers

Samsung, The Walt Disney Company, T-Systems, ING Bank

El Al Airlines and Société Française du Radiotelephone

Find out what your peers are saying about Akamai, F5, Checkmarx and others in API Security. Updated: March 2025.

DOWNLOAD NOW

847,862 professionals have used our research since 2012.

See our list of best API Security vendors.

We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.